When purchasing a product, or products, from a merchant's website using an electronic device, such as a desktop computer or a tablet computer, a consumer will usually put the product(s) in the website's ‘shopping basket’ and then proceed to the ‘checkout’ to purchase the product. In order to purchase the product, the consumer will need to submit to the merchant their payment details and any other personal details that the merchant may require, for example delivery address and, if they are purchasing an age restricted product, their date of birth.
Entering all of this information each time the consumer shops on-line, whether with the same merchant or with different merchants, can be time consuming. In order to overcome this, the consumer may save their payment details and personal details on their electronic device so that all of the required information can be auto-completed and then transmitted to the merchant without requiring manual data entry from the consumer. However, storing these details on an electronic device can represent a security risk, as can the transmission of the details over the internet. Furthermore, sharing the details with a merchant may represent a security risk. Firstly, the consumer may not trust a particular merchant with their details, or that what the consumer thought was the merchant's website is in fact a third party's website imitating the merchant's website, in which case their details will have been shared with a 3rd party. Even when their details are shared with a trustworthy merchant, where details may be stored at multiple different locations there is a greater chance that the details may be compromised.
Rather than storing payment and personal details on the consumer's electronic device, the consumer may store their details with the merchant so that each time they purchase a product from the merchant, the consumer details may be auto-completed on the website. However, this means that the consumer's payment details will be stored with every different merchant that they use, which increases the number of locations where their details are stored, thus increasing the security risk. Furthermore, whenever the consumer purchases a product from a merchant for the first time, they will need manually to enter their payment and personal details with that merchant, which is time consuming.
From a merchant's perspective, personal details entered by the consumer, for example delivery address and/or date of birth, may not necessarily be trustworthy. This may represent a risk to the merchant because, for example, they may be unsure that they are selling an age restricted product to a consumer of a suitable age, or that they will be able successful to fulfil delivery of purchased goods. Furthermore, handling of transaction details and personal details may represent an additional burden on the merchant, not only because they will need to take steps to complete the transaction, but also because of the additional data security requirements that they should meet when handling such information.